A TPM is a secure cryptoprocessor dedicated to securing hardware by binding cryptographic keys to the device. A TPM 2.0 module has three persistent hierarchies, namely the platform hierarchy, the storage hierarchy and the endorsement hierarchy. Each hierarchy is controlled by a corresponding control domain through its own authorization value (platformAuth, ownerAuth and endorsementAuth, respectively). For example, the platform hierarchy is controlled by a platform firmware control domain, and access to it requires proof of the platformAuth value. Such an authorization value needs to be handled carefully, since its disclosure or exposure may lead to serious security breaches: whoever holds platformAuth can change platform hierarchy settings, create and use platform-owned keys, and change the value itself.
Upon system reset or boot-up, the TPM is accessible through the system firmware interface and the value of platformAuth is empty (the Empty Buffer). Conventionally, to prevent any unauthorized access afterwards, the system firmware sets platformAuth to a random value (using the TPM2_HierarchyChangeAuth command, authorized with the still-empty platformAuth) and thereby locks the platform firmware control domain. The random value is then cleared from memory without being stored anywhere, so that the platform hierarchy becomes inaccessible after Unified Extensible Firmware Interface (“UEFI”) POST and remains so until the next reset returns platformAuth to empty.
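The following is an added example, not code from the original document or from any firmware vendor. It marshals the TPM 2.0 command that the conventional locking step sends, TPM2_HierarchyChangeAuth for TPM_RH_PLATFORM with a password authorization session, and then wipes the random value from memory. The constants are taken from the TCG TPM 2.0 Library specification (Part 2); the helper names, the 32-byte auth length, and the use of /dev/urandom as a stand-in for a firmware entropy source are assumptions made for this example. The command is only built here, not sent to a TPM.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* TPM 2.0 constants (TCG TPM 2.0 Library, Part 2: Structures). */
#define TPM_ST_SESSIONS            0x8002u       /* command carries an authorization area */
#define TPM_CC_HierarchyChangeAuth 0x00000129u
#define TPM_RH_PLATFORM            0x4000000Cu   /* the platform hierarchy handle */
#define TPM_RS_PW                  0x40000009u   /* password (plaintext) authorization session */
#define NEW_AUTH_LEN               32            /* assumption: SHA-256 sized random auth */

static size_t put_u8(uint8_t *p, uint8_t v) { p[0] = v; return 1; }
static size_t put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2; }
static size_t put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
    return 4;
}
/* TPM2B: 16-bit big-endian size followed by the bytes. */
static size_t put_tpm2b(uint8_t *p, const uint8_t *data, uint16_t len) {
    size_t n = put_u16(p, len);
    if (len) memcpy(p + n, data, len);
    return n + len;
}

/* Marshal TPM2_HierarchyChangeAuth(TPM_RH_PLATFORM, newAuth). The password session
 * proves knowledge of the *current* platformAuth; right after a TPM reset that is the
 * Empty Buffer, so cur_len is 0. Returns the command length, or 0 on error. */
size_t marshal_platform_change_auth(uint8_t *buf, size_t cap,
                                    const uint8_t *cur_auth, uint16_t cur_len,
                                    const uint8_t *new_auth, uint16_t new_len)
{
    /* header(10) + authHandle(4) + authorizationSize(4)
     * + session(handle 4 + nonce 2 + attrs 1 + hmac 2 + cur_len) + newAuth(2 + new_len) */
    size_t auth_area = 9 + cur_len;
    size_t total = 10 + 4 + 4 + auth_area + 2 + new_len;
    if (cap < total || new_len > 64 || cur_len > 64) return 0;  /* TPM2B_AUTH is digest-sized */
    uint8_t *p = buf;
    p += put_u16(p, TPM_ST_SESSIONS);
    p += put_u32(p, (uint32_t)total);
    p += put_u32(p, TPM_CC_HierarchyChangeAuth);
    p += put_u32(p, TPM_RH_PLATFORM);              /* handle area: authHandle */
    p += put_u32(p, (uint32_t)auth_area);          /* authorizationSize */
    p += put_u32(p, TPM_RS_PW);                    /* sessionHandle */
    p += put_tpm2b(p, NULL, 0);                    /* nonce: empty for a password session */
    p += put_u8(p, 0x00);                          /* sessionAttributes */
    p += put_tpm2b(p, cur_auth, cur_len);          /* hmac field carries the current platformAuth */
    p += put_tpm2b(p, new_auth, new_len);          /* parameter area: newAuth */
    return (size_t)(p - buf);
}

/* Zeroize through a volatile pointer so the compiler cannot elide the stores;
 * firmware must do this to the random value and to the command buffer after use. */
void secure_wipe(void *v, size_t n) {
    volatile uint8_t *p = (volatile uint8_t *)v;
    while (n--) *p++ = 0;
}

int main(void) {
    uint8_t new_auth[NEW_AUTH_LEN];
    uint8_t cmd[128];
    FILE *rng = fopen("/dev/urandom", "rb");    /* stand-in for the firmware RNG */
    if (!rng || fread(new_auth, 1, sizeof new_auth, rng) != sizeof new_auth) {
        fputs("no entropy source\n", stderr);
        return 1;
    }
    fclose(rng);
    size_t n = marshal_platform_change_auth(cmd, sizeof cmd, NULL, 0, new_auth, NEW_AUTH_LEN);
    printf("TPM2_HierarchyChangeAuth command: %zu bytes (would be submitted to the TPM here)\n", n);
    /* After submission the value is discarded: nobody, including the firmware, retains it. */
    secure_wipe(new_auth, sizeof new_auth);
    secure_wipe(cmd, n);
    return n == 0;
}
```

Once the response comes back with TPM_RC_SUCCESS, the only copy of the new platformAuth lives inside the TPM, which is exactly why the hierarchy cannot be reopened without a reset. A practitioner auditing firmware should confirm that both the random buffer and the marshaled command (which contains the value in clear) are wiped, and that the command is issued before any code that could be influenced by an operating system or option ROM runs.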
However, the above process makes it tedious to reconfigure the TPM. Because the random platformAuth is never retained, any later change to the platform hierarchy of a computer system, such as a change in a security setting of the TPM, requires rebooting the computer system so that platformAuth returns to its empty value and the firmware can act on it again. This is laborious and time-consuming, especially when changes need to be made to multiple computer systems. This problem is intrinsic to the field of computer systems.
Therefore, it would be desirable to have improved methods and systems for performing platform firmware control domain authentication.